Everything you do while driving other than actually driving impairs your driving.
So, until we can figure out a way to remove every single distraction for drivers, we shouldn't bother to work at removing any of them? Sorry, that's the perfect solution fallacy. Thanks for playing, but better luck next time.
you have no basis for your alcohol zero tolerance policy.
What, other than the fact that alcohol does impair your judgement and slow your reaction times, and "not drinking" is really fucking easy.
By the way, I'm an American. USAians don't exist.
You might self-identify as "an American", but the paper specifically references people from "the United States". It would therefore be incorrect to state that "93% of Americans think they have above average driving skill", as that might unnecessarily slight other residents of the American continent who may well be more akin to the Swedes (also referenced) and not have quite such an over-inflated sense of their own competence (or lack thereof). True, I could have rephrased it as "93% of people from the United States...", but I couldn't bother being that long winded, especially as it's not my fault that you're the ones who haven't come up with your own unambiguous and non-overly-inclusive concise group identifier.
So, again, if you're going to be driving, why not just not drink? Why bother to take that risk with other people's lives? Is the evening's mood enhanced for you so much from just that one drink that you think it's worth it?
You really don't think that's being plain inconsiderate to the people who share your community, or a touch selfish?
Because I should be able to have a glass of wine with dinner when I dine out and drive home after wards.
Why? Seriously, why?
Drinking alcohol impairs your judgement and slows your reaction times. And part of that is being unable to reliably judge when your judgement is impaired.
Everyone who ever had an accident after having 1 drink, or 2, or 3, or 10 (and I'm including going back 30 years here, when it was more acceptable) were sure that they were perfectly able to drive at that point, that they wouldn't have an accident. People who have accidents and are over the limit today, still thought they were good to drive when they got in their car.
Do you really want people to have any alcohol at all before they put themselves in charge of 3 tons of steel moving at 50mph, and give themselves the ability to squish your, or that of any of the people you care about's, soft fragile body?
I don't.
So, why not, if you're going to be driving, just not drink?
That depends on how you play. See my conversation with rmstar (above) for a description of how to play a casino to get the same sort of return as a lotter, with what I believe will be better odds of doing so.
if you won thrice in a row and then lost everything in the forth try
If you've committed yourself beforehand to betting 4 times in a row, and you go in with $1, then your outcome is either "win $1.68million", or "lose $1". If you "lose everything" on the fourth bet, you've only really lost $1. The rest isn't yours because you'd already committed it ahead of time.
The two-lottery-tickets-a-year approach seems more realistic in that regard.
I didn't pick up on the frequency thing before. If you're matching a two tickets per year lottery strategy, then only go to the casino a couple of times per year. My point was, whatever your lottery strategy is, you can almost certainly find a fixed-ahead-of-time string of casino bets you could make, with a payout to match the number of dollars you're willing to put in to dollars you want out, at whatever frequency you want to play, and I'm pretty sure the odds of actually winning will be better than any lottery.
Therefore, if you want some odds of making it big using only small change, surely the casino route is still the more realistic way to go about it?
(I am enjoying this exchange. I'm not a mathematician, but I read (majored in) physics at university, and do software development in various languages for a living, so have some familiarity with maths, but mostly in the "pure" and "mechanical" facets. Probability and stats, not so much. That said, I understand the correct explanation of the Monty Hall problem, but answered wrong when it was first posed to me by a mathematician friend.)
If you want a chance of winning it big, you could go to a casino every week and put {$,£}1 on #21 (or whatever your lucky number is) 4 times in a row, with the winnings from each stage all going on the next bet. That's 1.68 million if you win (you could go for 5 times in a row if it's not enough) and the odds aren't too far off.
Even though roulette is about the worst game you can play, especially if it's got a "00", in a casino, it's still going to be a hell of a lot better than the lottery.
Lotteries are a really shitty bet. The payoff is much, much, much lower than the odds of winning. The house edge can be anywhere from 10% to 50% for a single bet. (e.g. for the UK lottery, you've got a 14,000,000/1 chance of winning, but the payout is roughly 7,000,000/1. A good mathematician would notice that he's going to be phenomenally better off if he places long-odds bets on sports at his local bookies (~10% house edge?), or going to a real casino (0% - ~6% house edge, depending on the game, with craps being the 0% edge if you play a perfect game, which no-one can for any reasonable length of time, which is how long it takes to average out)
No, it isn't. You do not have to sacrifice freedom to gain security. Yes, that's what the authorities have been telling you forever, but that's just because they want/like the power that comes from limiting freedom, and use people's fears to make them think that they will be more secure if their freedoms are reduced. But it's bollocks.
Freedom is not antithetical to security. You can have both. In fact, it has generally been shown that the less free a society is (think police states, theocracies, etc...), the less safe its population is. Read some Bruce Schneier sometime - he has some good essays on freedom and security.
you can't expect Mozilla to ifdef out profiles & automatic updates for all Unixes
I'd expect all of my points to be excluded *by default* in a Unix build. Yes, Unix vendors/distros (or, more probably, users) should be able to enable and build these features if they really want, but they just don't fit in with "the unix way". Which is my point.
What you are asking for is that they also make packages for your favourite distribution
No, I'm not! I shudder at the thought of 3rd parties trying to make Debian packages. Some 3rd parties do sometimes, and they're invariably a complete mess with all kinds of horror in the "postinst" scripts, or other such nastiness. I'm very happy with DDs doing the Debian packaging. (Thank you Mike Hommey!) I'm very happy with Unix vendors doing things the way they are used to doing them. I'm just pointing out that, as far as I can tell, the Mozilla devs don't seem to "get" this very well.
Are you seriously suggesting altering a symlink every time you want to run a different session?
If you want. Or you could write a 2 line shell script in your ~/bin for each profile to set the symlink and then run the actual program.
Nevermind that it wouldn't work if you wanted to run 2 different profiles at once.
Ah, I didn't realise you could do that with Firefox. I thought if you tried running a new instance it just noticed that one copy of FF was already running and opened a new window for that executable (which is another non-unixy way of doing things, but never mind...) with all the same settings.
No, in that case, that particular solution wouldn't work. Good catch. My bad.
Profiles are immensely helpful if you have 2 logins (say to all of Google's services) and want to use both at the same time.
OK, so this may sound like a silly question, but why would you want to do this? What's your use case? And is the lack of alternate profiles in other browsers something that would prevent you from moving to, e.g. Opera, or Safari, or even IE8/9?
Or, you could just create ~/.mozilla-standard/, ~/.mozilla-ebay/ and ~/.mozilla-testing/, and point a ~/.mozilla symlink at whichever profile you want to use, like you can do for... any other program at all. Again making the "profiles" feature completely redundant on Unix-like systems.
if your distro includes an older version or is slow at providing updates or just doesn't provide it at all,
If your distro is like this with security updates for any package, not just Firefox, you should probably get a new distro. Seriously.
Remember RPM dependency hell?
Actually, no. Been a happy user of Debian for many years now.:-p
Linux is more than the big distros, and getting specific versions of libraries that may not be present gets annoying, quick.
Hmmm....you're claiming that there are large, important Linux apps which rely on specific versions of libraries, and not version "x.y or later"? i.e. They're not just relying on binary ABI backwards-compatbility, but source-level API backwards-compatibility, and fail if the exact version is not present? Really? I've not come across that in quite a while. (Although fortunately I've not had to deal with Java that much.)
Sorry, I didn't mean to imply that I thought Windows doesn't currently support mulitple users well. Rather, that when Mozilla was first developed, the lack of good multi-user support in the versions of Windows in wide use at that time was the reason why profiles were initially developed.
I have a feeling that the Mozilla guys don't think in Unix security terms. Mozilla/Firefox is targetted more heavily towards Windows than Linux, and it shows in a lot of places that a lot of the developers think that way too.
e.g. The use/implementation of "profiles", which are a work-around to the problem of running on a system that does not support multiple user accounts (well), or where it is expected that multiple users use the same user account. Last I used Mozilla and Firefox on Windows, these were still pretty prominent. They're also included in Unix-based builds, where they're mostly pointless, instead of being IFDEFed out by default on those platforms.
See also the automatic updater. This is required on Windows, which does not have a centralised update system for 3rd party apps, and assumes each user will install their own copy of the software, or will have write privs to system software locations, or will have the Administrator password. It's redundant and useless on most Unices/Linux distros, but the code is still included by default.
It also prefers to bundle its own copies of 3rd party libraries, common practice on Windows where dependency handling doesn't exist, and 3rd parties generally do not bother to try to maintain backwards ABI compatibility between DLLs. Again this is contrary to the Unix way of doing things, where dependencies are well defined, and library authors take pains to ensure backwards-compatible ABIs. But still Mozilla software ships private copies of 3rd party libraries by default on Unix.
Mozilla software appears to be primarily written for Windows by Windows-based developers. Yes, it does work on Unix/Linux systems, but that's not how the developers think, and it shows.
Yes, but pre-1.0 versions of, well, pretty much anything, do not have stable A[PB]Is. That's one of the things about being pre-1.0; everything is still subject to change.
Now, all future 1.x(.y) releases should be A[PB]I backwards compatible with 1.0.0. If they're not, yes, that would be bad release management. But until they do that, I don't think it's entirely fair to complain about it.
The unstated implication in the many-eyeballs argument is a syllogism. Let me state it explicitly.
Code review makes software more secure Open source software is reviewed more than proprietary software
Therefore, open source software is more secure than proprietary software
Linus' Law has nothing to do with code review, which is what he claims and argues against. Linus' Law is entirely about being able to parellelilize finding the cause of, and fixing bugs, after they have been found; and how that's in contrast with Brooks' Law of how communication time/costs come to dominate development time/costs as the number of people working on a codebase increases.
Can this guy not even read? Or is he just too lazy to do the tiniest bit of research into Linus' Law actually is? From The Cathedral And The Bazaar:
Linus was behaving as though he believed something like this:
8. Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone.
Or, less formally, ``Given enough eyeballs, all bugs are shallow.'' I dub this: ``Linus's Law''.
My original formulation was that every problem ``will be transparent to somebody''. Linus demurred that the person who understands and fixes the problem is not necessarily or even usually the person who first characterizes it. ``Somebody finds the problem,'' he says, ``and somebody else understands it. And I'll go on record as saying that finding it is the bigger challenge.'' That correction is important; we'll see how in the next section, when we examine the practice of debugging in more detail. But the key point is that both parts of the process (finding and fixing) tend to happen rapidly.
Linus' Law says nothing about how many bugs are introduced into a system, or how well code is generally audited. All it says is that once someone finds a bug, if you have enough people looking at that bug, someone will figure out what the problem is, and someone will figure out a solution, pretty quickly.
Why would pirates have free access to updates too?
Because a insecure, compromised OS affects more people than just the owneruser of that OS. Unpatched pirated copies of Windows can be pwned and exploited to send spam, perform DDOS attacks, do distributed cracking of encryption keys, or whatever else the operator of a botnet chooses to do with it; actions that hurt all the users of the internet, including all the legitimate ones.
Just as a point of information, this information is available fairly clearly and obviously in the errno reference pages for various independent or widely diverged OSs/C libraries.
Oh, sorry. Force of habit. I'm so used to "apologies" actually being sarcastic digs on/. that I just misread yours in the same vein.:-)
Although, I think your somewhat excessive use of exclamation points, making the apology seem unnecessarily over-the-top for a "serious" comment, may have contributed a little to my misunderstanding.
Slashdot Mirror
So, until we can figure out a way to remove every single distraction for drivers, we shouldn't bother to work at removing any of them? Sorry, that's the perfect solution fallacy. Thanks for playing, but better luck next time.
What, other than the fact that alcohol does impair your judgement and slow your reaction times, and "not drinking" is really fucking easy.
You might self-identify as "an American", but the paper specifically references people from "the United States". It would therefore be incorrect to state that "93% of Americans think they have above average driving skill", as that might unnecessarily slight other residents of the American continent who may well be more akin to the Swedes (also referenced) and not have quite such an over-inflated sense of their own competence (or lack thereof). True, I could have rephrased it as "93% of people from the United States...", but I couldn't bother being that long winded, especially as it's not my fault that you're the ones who haven't come up with your own unambiguous and non-overly-inclusive concise group identifier.
So, again, if you're going to be driving, why not just not drink? Why bother to take that risk with other people's lives? Is the evening's mood enhanced for you so much from just that one drink that you think it's worth it?
You really don't think that's being plain inconsiderate to the people who share your community, or a touch selfish?
Why? Seriously, why?
Drinking alcohol impairs your judgement and slows your reaction times. And part of that is being unable to reliably judge when your judgement is impaired.
Everyone who ever had an accident after having 1 drink, or 2, or 3, or 10 (and I'm including going back 30 years here, when it was more acceptable) were sure that they were perfectly able to drive at that point, that they wouldn't have an accident. People who have accidents and are over the limit today, still thought they were good to drive when they got in their car.
People, on the whole, are not capable of exercising their own judgement about their ability to drive. Heck, 93% of USAians think they have above average driving skill, and 88% think they're above average when it comes to safety.
Do you really want people to have any alcohol at all before they put themselves in charge of 3 tons of steel moving at 50mph, and give themselves the ability to squish your, or that of any of the people you care about's, soft fragile body?
I don't.
So, why not, if you're going to be driving, just not drink?
...which you can see before you install it?
From the source package web page, opening the 0.1 release, we see:
What did you think it might have done?
Seriously, this is a story? What's next, "ZOMG, popcon!"?
No, I made a mistake. Stupid memory. Thanks for the correction.
That depends on how you play. See my conversation with rmstar (above) for a description of how to play a casino to get the same sort of return as a lotter, with what I believe will be better odds of doing so.
Valid point, conceded.
If you've committed yourself beforehand to betting 4 times in a row, and you go in with $1, then your outcome is either "win $1.68million", or "lose $1". If you "lose everything" on the fourth bet, you've only really lost $1. The rest isn't yours because you'd already committed it ahead of time.
I didn't pick up on the frequency thing before. If you're matching a two tickets per year lottery strategy, then only go to the casino a couple of times per year. My point was, whatever your lottery strategy is, you can almost certainly find a fixed-ahead-of-time string of casino bets you could make, with a payout to match the number of dollars you're willing to put in to dollars you want out, at whatever frequency you want to play, and I'm pretty sure the odds of actually winning will be better than any lottery.
Therefore, if you want some odds of making it big using only small change, surely the casino route is still the more realistic way to go about it?
(I am enjoying this exchange. I'm not a mathematician, but I read (majored in) physics at university, and do software development in various languages for a living, so have some familiarity with maths, but mostly in the "pure" and "mechanical" facets. Probability and stats, not so much. That said, I understand the correct explanation of the Monty Hall problem, but answered wrong when it was first posed to me by a mathematician friend.)
If you want to give to charity, give to charity.
If you want a chance of winning it big, you could go to a casino every week and put {$,£}1 on #21 (or whatever your lucky number is) 4 times in a row, with the winnings from each stage all going on the next bet. That's 1.68 million if you win (you could go for 5 times in a row if it's not enough) and the odds aren't too far off.
Even though roulette is about the worst game you can play, especially if it's got a "00", in a casino, it's still going to be a hell of a lot better than the lottery.
Lotteries are a really shitty bet. The payoff is much, much, much lower than the odds of winning. The house edge can be anywhere from 10% to 50% for a single bet. (e.g. for the UK lottery, you've got a 14,000,000/1 chance of winning, but the payout is roughly 7,000,000/1. A good mathematician would notice that he's going to be phenomenally better off if he places long-odds bets on sports at his local bookies (~10% house edge?), or going to a real casino (0% - ~6% house edge, depending on the game, with craps being the 0% edge if you play a perfect game, which no-one can for any reasonable length of time, which is how long it takes to average out)
No, it isn't. You do not have to sacrifice freedom to gain security. Yes, that's what the authorities have been telling you forever, but that's just because they want/like the power that comes from limiting freedom, and use people's fears to make them think that they will be more secure if their freedoms are reduced. But it's bollocks.
Freedom is not antithetical to security. You can have both. In fact, it has generally been shown that the less free a society is (think police states, theocracies, etc...), the less safe its population is. Read some Bruce Schneier sometime - he has some good essays on freedom and security.
I'd expect all of my points to be excluded *by default* in a Unix build. Yes, Unix vendors/distros (or, more probably, users) should be able to enable and build these features if they really want, but they just don't fit in with "the unix way". Which is my point.
No, I'm not! I shudder at the thought of 3rd parties trying to make Debian packages. Some 3rd parties do sometimes, and they're invariably a complete mess with all kinds of horror in the "postinst" scripts, or other such nastiness. I'm very happy with DDs doing the Debian packaging. (Thank you Mike Hommey!) I'm very happy with Unix vendors doing things the way they are used to doing them. I'm just pointing out that, as far as I can tell, the Mozilla devs don't seem to "get" this very well.
If you want. Or you could write a 2 line shell script in your ~/bin for each profile to set the symlink and then run the actual program.
Ah, I didn't realise you could do that with Firefox. I thought if you tried running a new instance it just noticed that one copy of FF was already running and opened a new window for that executable (which is another non-unixy way of doing things, but never mind...) with all the same settings.
No, in that case, that particular solution wouldn't work. Good catch. My bad.
OK, so this may sound like a silly question, but why would you want to do this? What's your use case? And is the lack of alternate profiles in other browsers something that would prevent you from moving to, e.g. Opera, or Safari, or even IE8/9?
Or, you could just create ~/.mozilla-standard/, ~/.mozilla-ebay/ and ~/.mozilla-testing/, and point a ~/.mozilla symlink at whichever profile you want to use, like you can do for ... any other program at all. Again making the "profiles" feature completely redundant on Unix-like systems.
If your distro is like this with security updates for any package, not just Firefox, you should probably get a new distro. Seriously.
Actually, no. Been a happy user of Debian for many years now. :-p
Hmmm....you're claiming that there are large, important Linux apps which rely on specific versions of libraries, and not version "x.y or later"? i.e. They're not just relying on binary ABI backwards-compatbility, but source-level API backwards-compatibility, and fail if the exact version is not present? Really? I've not come across that in quite a while. (Although fortunately I've not had to deal with Java that much.)
Sorry, I didn't mean to imply that I thought Windows doesn't currently support mulitple users well. Rather, that when Mozilla was first developed, the lack of good multi-user support in the versions of Windows in wide use at that time was the reason why profiles were initially developed.
I have a feeling that the Mozilla guys don't think in Unix security terms. Mozilla/Firefox is targetted more heavily towards Windows than Linux, and it shows in a lot of places that a lot of the developers think that way too.
e.g. The use/implementation of "profiles", which are a work-around to the problem of running on a system that does not support multiple user accounts (well), or where it is expected that multiple users use the same user account. Last I used Mozilla and Firefox on Windows, these were still pretty prominent. They're also included in Unix-based builds, where they're mostly pointless, instead of being IFDEFed out by default on those platforms.
See also the automatic updater. This is required on Windows, which does not have a centralised update system for 3rd party apps, and assumes each user will install their own copy of the software, or will have write privs to system software locations, or will have the Administrator password. It's redundant and useless on most Unices/Linux distros, but the code is still included by default.
It also prefers to bundle its own copies of 3rd party libraries, common practice on Windows where dependency handling doesn't exist, and 3rd parties generally do not bother to try to maintain backwards ABI compatibility between DLLs. Again this is contrary to the Unix way of doing things, where dependencies are well defined, and library authors take pains to ensure backwards-compatible ABIs. But still Mozilla software ships private copies of 3rd party libraries by default on Unix.
Mozilla software appears to be primarily written for Windows by Windows-based developers. Yes, it does work on Unix/Linux systems, but that's not how the developers think, and it shows.
Hey buddy, want to try some Snow Crash?
Yes, but pre-1.0 versions of, well, pretty much anything, do not have stable A[PB]Is. That's one of the things about being pre-1.0; everything is still subject to change.
Now, all future 1.x(.y) releases should be A[PB]I backwards compatible with 1.0.0. If they're not, yes, that would be bad release management. But until they do that, I don't think it's entirely fair to complain about it.
That's the Hawthorne effect.
If Chuck Norris had been the star of "24", it would have been called "1"
Uh, no he doesn't. He mis-states Linus' Law thus:
Linus' Law has nothing to do with code review, which is what he claims and argues against. Linus' Law is entirely about being able to parellelilize finding the cause of, and fixing bugs, after they have been found; and how that's in contrast with Brooks' Law of how communication time/costs come to dominate development time/costs as the number of people working on a codebase increases.
Can this guy not even read? Or is he just too lazy to do the tiniest bit of research into Linus' Law actually is? From The Cathedral And The Bazaar:
Linus' Law says nothing about how many bugs are introduced into a system, or how well code is generally audited. All it says is that once someone finds a bug, if you have enough people looking at that bug, someone will figure out what the problem is, and someone will figure out a solution, pretty quickly.
That's it. And it is still true.
Because a insecure, compromised OS affects more people than just the owneruser of that OS. Unpatched pirated copies of Windows can be pwned and exploited to send spam, perform DDOS attacks, do distributed cracking of encryption keys, or whatever else the operator of a botnet chooses to do with it; actions that hurt all the users of the internet, including all the legitimate ones.
Patching pirated copies of Windows is in the public interest
But it is an invaluable use of the SysRq key.
Huh? I thought XP, Vista and now Win 7 were all part of the NT line. Or are you defining "the NT line" in some weird way?
Just as a point of information, this information is available fairly clearly and obviously in the errno reference pages for various independent or widely diverged OSs/C libraries.
GNU/Linux (GNU C library)
FreeBSD (BSD libc)
Solaris (SYSV-derived)
Oh, sorry. Force of habit. I'm so used to "apologies" actually being sarcastic digs on /. that I just misread yours in the same vein. :-)
Although, I think your somewhat excessive use of exclamation points, making the apology seem unnecessarily over-the-top for a "serious" comment, may have contributed a little to my misunderstanding.
Anyway, apologies once again.